QUESTION 70
A network engineer is asked to configure a “site-to-site” IPsec VPN tunnel. One of the last things that the engineer does is to configure an access list (access-list 1 permit any) along with the command ip nat inside source list 1 int s0/0 overload. Which functions do the two commands serve in this scenario?

A. The command access-list 1 defines interesting traffic that is allowed through the tunnel.
B. The command ip nat inside source list 1 int s0/0 overload disables “many-to-one” access for all devices on a defined segment to share a single IP address upon exiting the external interface.
C. The command access-list 1 permit any defines only one machine that is allowed through the tunnel.
D. The command ip nat inside source list 1 int s0/0 overload provides “many-to-one” access for all devices on a defined segment to share a single IP address upon exiting the external interface.

Answer: A
Explanation: Fast switching allows higher throughput by switching a packet using a cache created by the initial packet sent to a particular destination. Destination addresses are stored in the high-speed cache to expedite forwarding. Routers offer better packet-transfer performance when fast switching is enabled. Fast switching is enabled by default on all interfaces that support fast switching. To display the routing table cache used to fast switch IP traffic, use the “show ip cache” EXEC command.
http://www.cisco.com/c/en/us/td/docs/ios/12_2/switch/command/reference/fswtch_r/xrfscmd5.html#wp1038133

QUESTION 73
Which two actions must you perform to enable and use window scaling on a router? (Choose two.)

A. Execute the command ip tcp window-size 65536.
B. Set window scaling to be used on the remote host.
C. Execute the command ip tcp queuemax.
D. Set TCP options to “enabled” on the remote host.
E. Execute the command ip tcp adjust-mss.

Answer: AB
Explanation: The TCP Window Scaling feature adds support for the Window Scaling option in RFC 1323, TCP Extensions for High Performance. A larger window size is recommended to improve TCP performance in network paths with large bandwidth-delay product characteristics that are called Long Fat Networks (LFNs). The TCP Window Scaling enhancement provides that support. The window scaling extension in Cisco IOS software expands the definition of the TCP window to 32 bits and then uses a scale factor to carry this 32-bit value in the 16-bit window field of the TCP header. The window size can increase to a scale factor of 14. Typical applications use a scale factor of 3 when deployed in LFNs.

The TCP Window Scaling feature complies with RFC 1323. The larger scalable window size will allow TCP to perform better over LFNs. Use the ip tcp window-size command in global configuration mode to configure the TCP window size. In order for this to work, the remote host must also support this feature and its window size must be increased.
http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp/configuration/12-4t/iap-12-4t-book/iap-tcp.html#GUID-BD998AC6-F128-47DD-B5F7-B226546D4B08

Answer: D
Explanation: PAP authentication involves a two-way handshake where the username and password are sent across the link in clear text; hence, PAP authentication does not provide any protection against playback and line sniffing.

CHAP authentication, on the other hand, periodically verifies the identity of the remote node using a three-way handshake. After the PPP link is established, the host sends a “challenge” message to the remote node. The remote node responds with a value calculated using a one-way hash function. The host checks the response against its own calculation of the expected hash value. If the values match, the authentication is acknowledged; otherwise, the connection is terminated.
http://www.cisco.com/c/en/us/support/docs/wan/point-to-point-protocol-ppp/10241-ppp-callin-hostname.html

Answer: A
Explanation: Dynamic address mapping uses Frame Relay Inverse ARP to request the next-hop protocol address for a specific connection, given its known DLCI. Responses to Inverse ARP requests are entered in an address-to-DLCI mapping table on the router or access server; the table is then used to supply the next-hop protocol address or the DLCI for outgoing traffic.
http://www.cisco.com/c/en/us/td/docs/ios/12_2/wan/configuration/guide/fwan_c/wcffrely.html

Answer: A
Explanation: Before you troubleshoot any OSPF neighbor-related issues on an NBMA network, it is important to remember that an NBMA network can be configured in these modes of operation with the ip ospf network command:

The Hello and Dead Intervals of each mode are described in this table:

Network Type | Hello Interval (secs) | Dead Interval (secs)
Point-to-Point | |
Point-to-Multipoint | |
Broadcast | |
Non-Broadcast | |

http://www.cisco.com/c/en/us/support/docs/ip/open-shortest-path-first-ospf/13693-22.html

QUESTION 77
A router with an interface that is configured with ipv6 address autoconfig also has a link-local address assigned. Which message is required to obtain a global unicast address when a router is present?

Answer: B
Explanation: Autoconfiguration is performed on multicast-enabled links only and begins when a multicast-enabled interface is enabled (during system startup or manually). Nodes (both hosts and routers) begin the process by generating a link-local address for the interface. It is formed by appending the interface identifier to the well-known link-local prefix FE80::0. The interface identifier replaces the right-most zeroes of the link-local prefix.

Before the link-local address can be assigned to the interface, the node performs the Duplicate Address Detection mechanism to see if any other node is using the same link-local address on the link. It does this by sending a Neighbor Solicitation message with the “tentative” address as the target address and the solicited-node multicast address corresponding to this tentative address as the destination address. If a node responds with a Neighbor Advertisement message with the tentative address as the target address, the address is a duplicate address and must not be used. Hence, manual configuration is required. Once the node verifies that its tentative address is unique on the link, it assigns that link-local address to the interface. At this stage, it has IP connectivity to other neighbors on this link. The autoconfiguration on the routers stops at this stage; further tasks are performed only by the hosts. The routers will need manual configuration (or stateful configuration) to receive site-local or global addresses.

The next phase involves obtaining Router Advertisements from routers if any routers are present on the link. If no routers are present, a stateful configuration is required. If routers are present, the Router Advertisements tell the hosts what sort of configuration they need to perform, and the hosts receive a global unicast IPv6 address.
https://sites.google.com/site/amitsciscozone/home/important-tips/ipv6/ipv6-stateless-autoconfiguration

QUESTION 78
An engineer has configured a router to use EUI-64, and was asked to document the IPv6 address of the router. The router has the following interface parameters:
mac address C601.420F.0007
subnet 2001:DB8:0:1::/64
Which IPv6 addresses should the engineer add to the documentation?

Answer: A
Explanation: Extended Unique Identifier (EUI), as per RFC 2373, allows a host to assign itself a unique 64-bit IP Version 6 interface identifier (EUI-64). This feature is a key benefit over IPv4 as it eliminates the need for manual configuration or DHCP as in the world of IPv4. The IPv6 EUI-64 format address is obtained through the 48-bit MAC address. The MAC address is first separated into two 24-bit halves, with one being the OUI (Organizationally Unique Identifier) and the other being NIC specific. The 16-bit value 0xFFFE is then inserted between these two 24-bit halves to form the 64-bit EUI address. IEEE has chosen FFFE as a reserved value which can only appear in EUI-64 generated from the EUI-48 MAC address.
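
The derivation described above, applied to the interface parameters from Question 78, as an added example that is not part of the original page. Besides the FFFE insertion it applies the universal/local bit inversion that the modified EUI-64 format used for IPv6 interface identifiers requires, and it includes the reverse mapping, which shows that an EUI-64 address exposes the interface's MAC address to anyone who sees the address; the function names are this example's own.

```python
import ipaddress
import re


def parse_mac(mac: str) -> bytes:
    """Accept Cisco dotted (C601.420F.0007), colon or dash notation."""
    digits = re.sub(r"[.:\-]", "", mac)
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(digits)


def eui64_interface_id(mac: str) -> bytes:
    """OUI + FFFE + NIC-specific part, then invert the universal/local bit."""
    m = parse_mac(mac)
    iid = bytearray(m[:3] + b"\xff\xfe" + m[3:])
    iid[0] ^= 0x02  # modified EUI-64: flip bit 1 of the first octet
    return bytes(iid)


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the interface identifier derived from mac."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 addressing needs a /64 prefix")
    iid = int.from_bytes(eui64_interface_id(mac), "big")
    return ipaddress.IPv6Address(int(net.network_address) | iid)


def mac_from_eui64(addr: str):
    """Recover the MAC from an EUI-64 address; None if FFFE is not present."""
    iid = bytearray(ipaddress.IPv6Address(addr).packed[8:])
    if iid[3:5] != b"\xff\xfe":
        return None  # manually assigned or randomized interface identifier
    iid[0] ^= 0x02  # undo the universal/local inversion
    return ":".join(f"{b:02x}" for b in bytes(iid[:3] + iid[5:]))


if __name__ == "__main__":
    mac = "C601.420F.0007"  # interface parameters from the question
    print("global     :", eui64_address("2001:DB8:0:1::/64", mac))
    print("link-local :", eui64_address("FE80::/64", mac))
    print("MAC leaked :", mac_from_eui64("2001:db8:0:1:c401:42ff:fe0f:7"))
```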

QUESTION 79
For security purposes, an IPv6 traffic filter was configured under various interfaces on the local router. However, shortly after implementing the traffic filter, OSPFv3 neighbor adjacencies were lost. What caused this issue?

A. The traffic filter is blocking all ICMPv6 traffic.
B. The global anycast address must be added to the traffic filter to allow OSPFv3 to work properly.
C. The link-local addresses that were used by OSPFv3 were explicitly denied, which caused the neighbor relationships to fail.
D. IPv6 traffic filtering can be implemented only on SVIs.

QUESTION 80
What is the purpose of the autonomous-system {autonomous-system-number} command?

A. It sets the EIGRP autonomous system number in a VRF.
B. It sets the BGP autonomous system number in a VRF.
C. It sets the global EIGRP autonomous system number.
D. It sets the global BGP autonomous system number.

Answer: A
Explanation: To configure the autonomous-system number for an Enhanced Interior Gateway Routing Protocol (EIGRP) routing process to run within a VPN routing and forwarding (VRF) instance, use the autonomous-system command in address-family configuration mode. To remove the autonomous-system for an EIGRP routing process from within a VPN VRF instance, use the no form of this command.

autonomous-system autonomous-system-number
no autonomous-system autonomous-system-number

http://www.cisco.com/c/en/us/td/docs/ios/iproute_eigrp/command/reference/ire_book/ire_a1.html#wp1062796